Members of the view: CWE-284: Improper Access Control; CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities; CWE-664: Improper Control of a Resource Through its Lifetime; Child nodes of the view: Taking CWE-120 as an example, the figure shows: CWE-...
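1. CWE views As an important standard for classifying software weaknesses, CWE serves as an important link between security research, security standards, and defect management. CW...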
Operating systems allow logon scripts to be run whenever a specific user or users log on to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it...
CWE-284: Improper Access Control; CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities; CWE-664: Improper Control of a Resource Through its Lifetime; Child nodes of the view: ...
CWE-285: Improper Access Control (Authorization); CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-259: Hard-Coded Password; CWE-732: Insecure Permission Assignment for Critical Resource; CWE-330: Use of Insufficiently Random Values ...
6. ('Classic Buffer Overflow'); Cross-Site Request Forgery (CSRF); Improper Access Control (Authorization); Reliance on Untrusted Inputs in a Security Decision; Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); Unrestricted Upload of File with Dangerous Type; Improper San...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Structure: Simple; Abstraction: Base; Status: Stable; Likelihood of exploit: High. Basic description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web ...
CWE-284: Improper Access Control; CWE-285: Improper Authorization; CWE-287: Improper Authentication; CWE-297: Improper Validation of Certificate with Host Mismatch; CWE-306: Missing Authentication for Critical Function; CWE-312: Cleartext Storage of Sensitive Information; CWE-345: Insufficient Verification of ...